[jira] Created: (CONTINUUM-1983) unescaped HTML in SCM Changes summary
by JIRA jira@codehaus.org

unescaped HTML in SCM Changes summary
-------------------------------------

                 Key: CONTINUUM-1983
                 URL: http://jira.codehaus.org/browse/CONTINUUM-1983
             Project: Continuum
          Issue Type: Bug
          Components: Web - UI
    Affects Versions: 1.1
         Environment: Linux
            Reporter: Reimer Prochnow
            Priority: Minor

If you write HTML in scm commit comments, this HTML is shown in the SCM changes summary section on the build result page.
It should be escaped for security issues.
The page involved is:
continuum-webapp\src\main\webapp\WEB-INF\jsp\buildresult.jsp, Line 61
<ec:column property="comment" title="buildResult.changes.comment" />
But the columns are rendered by extremecomponents taglib.
This should be able to escape HTML by configuration, unfortunately I do not find any documentation on this taglib

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
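
The behaviour the report describes and the escaping it asks for, as an added example that is not part of the original messages and is not Continuum or eXtremeComponents code. The class and method names (CommitCommentEscaper, escapeHtml, renderCell) and the sample commit comments are assumptions constructed for illustration.

```java
/** Added illustration; not Continuum or eXtremeComponents code. */
public class CommitCommentEscaper {

    /** Replace the HTML-significant characters so the text renders as data, not markup. */
    static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Hypothetical stand-in for the table cell that shows one commit comment. */
    static String renderCell(String comment, boolean escape) {
        return "<td>" + (escape ? escapeHtml(comment) : comment) + "</td>";
    }

    public static void main(String[] args) {
        // Constructed sample commit comments, as an SCM would return them.
        String[] comments = {
            "Fix NPE in build queue",
            "Bump version <b>now</b><script>alert(1)</script>",
            "Use a && b instead of \"a & b\""
        };
        for (String comment : comments) {
            // Unescaped: markup in the comment becomes part of the page.
            System.out.println("raw:     " + renderCell(comment, false));
            // Escaped: the same text is shown literally to the viewer.
            System.out.println("escaped: " + renderCell(comment, true));
        }
    }
}
```

Escaping belongs at output time, in the view that writes the comment into HTML, so the stored commit comment stays unchanged for other consumers such as mail notifications or plain-text logs.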
[jira] Commented: (CONTINUUM-1983) unescaped HTML in SCM Changes summary
by JIRA jira@codehaus.org

[ http://jira.codehaus.org/browse/CONTINUUM-1983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=181069#action_181069 ]

Reimer Prochnow commented on CONTINUUM-1983:
--------------------------------------------

still present in beta 1.3.3 (build # 778084)

> unescaped HTML in SCM Changes summary
> -------------------------------------
>
>                 Key: CONTINUUM-1983
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-1983
>             Project: Continuum
>          Issue Type: Bug
>          Components: Web - UI
>    Affects Versions: 1.1
>         Environment: Linux
>            Reporter: Reimer Prochnow
>            Priority: Minor
>
> If you write HTML in scm commit comments, this HTML is shown in the SCM changes summary section on the build result page.
> It should be escaped for security issues.
> The page involved is:
> continuum-webapp\src\main\webapp\WEB-INF\jsp\buildresult.jsp, Line 61
> <ec:column property="comment" title="buildResult.changes.comment" />
> But the columns are rendered by extremecomponents taglib.
> This should be able to escape HTML by configuration, unfortunately I do not find any documentation on this taglib
[jira] Updated: (CONTINUUM-1983) unescaped HTML in SCM Changes summary
by JIRA jira@codehaus.org

[ http://jira.codehaus.org/browse/CONTINUUM-1983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wendy Smoak updated CONTINUUM-1983:
-----------------------------------

    Affects Version/s: 1.3.3
        Fix Version/s: Reviewed

> unescaped HTML in SCM Changes summary
> -------------------------------------
>
>                 Key: CONTINUUM-1983
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-1983
>             Project: Continuum
>          Issue Type: Bug
>          Components: Web - UI
>    Affects Versions: 1.1, 1.3.3
>         Environment: Linux
>            Reporter: Reimer Prochnow
>            Priority: Minor
>             Fix For: Reviewed
>
>
> If you write HTML in scm commit comments, this HTML is shown in the SCM changes summary section on the build result page.
> It should be escaped for security issues.
> The page involved is:
> continuum-webapp\src\main\webapp\WEB-INF\jsp\buildresult.jsp, Line 61
> <ec:column property="comment" title="buildResult.changes.comment" />
> But the columns are rendered by extremecomponents taglib.
> This should be able to escape HTML by configuration, unfortunately I do not find any documentation on this taglib